commit 89a0428fe3436225cdd849b23b9d7fc23ac37766
parent 0dd89ae9b35fee7e2e3b68a8a80242d84db8f324
Author: ukai <ukai>
Date: Wed, 15 Jan 2003 17:13:21 +0000
[w3m-dev 03644] Re: Other user can see local cookie.
* cookie.c (save_cookies): return if no_rc_dir
* etc.c (tmpf_base): add cookie
(tmpfname): use tmp_dir instead of rc_dir
* file.c (loadGeneralFile): cookie is not passed via URL
* fm.h (TMPF_COOKIE): incl
(MAX_TMPF_TYPE): incl
(no_rc_dir): added
(tmp_dir): added
(config_file): added
* local.c (Local_cookie_file): added
(writeLocalCookie): added
(setLocalCookie): dont set environment LOCAL_COOKIE
(localcgi_post): writeLocalCookie
(localcgi_get): writeLocalCookie
* main.c (config_filename): deleted
(cmd_loadURL): arg FormList
(main): rewrite config_file, rc
(ldhelp): no cookie in URL
(cmd_loadURL): arg FormList
(goURL0): cmd_loadURL change
(cmd_loadBuffer): cmd_loadURL change
(adBmark): cookie is posted
(follow_map): cmd_loadURL change
(linkMn): cmd_loadURL change
(reinit): init_rc change
* proto.h (create_option_search_table): deleted
(init_rc): no args
* rc.c (create_option_search_table): static
(init_rc): no args
rewrite
(optionpanel_src1): rewrite
(load_option_panel): html_quote
(panel_set_option): no_rc_dir
* w3mbookmark.c: rewrite
* w3mhelperpanel.c: rewrite
* scripts/dirlist.cgi.in: rewrite
* scripts/w3mhelp.cgi.in: rewrite
* scripts/w3mmail.cgi.in: rewrite
* scripts/multipart/multipart.cgi.in: rewrite
From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
Diffstat:
15 files changed, 314 insertions(+), 224 deletions(-)
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,46 @@
+2003-01-16 Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
+
+ * [w3m-dev 03644] Re: Other user can see local cookie.
+ * cookie.c (save_cookies): return if no_rc_dir
+ * etc.c (tmpf_base): add cookie
+ (tmpfname): use tmp_dir instead of rc_dir
+ * file.c (loadGeneralFile): cookie is not passed via URL
+ * fm.h (TMPF_COOKIE): incl
+ (MAX_TMPF_TYPE): incl
+ (no_rc_dir): added
+ (tmp_dir): added
+ (config_file): added
+ * local.c (Local_cookie_file): added
+ (writeLocalCookie): added
+ (setLocalCookie): dont set environment LOCAL_COOKIE
+ (localcgi_post): writeLocalCookie
+ (localcgi_get): writeLocalCookie
+ * main.c (config_filename): deleted
+ (cmd_loadURL): arg FormList
+ (main): rewrite config_file, rc
+ (ldhelp): no cookie in URL
+ (cmd_loadURL): arg FormList
+ (goURL0): cmd_loadURL change
+ (cmd_loadBuffer): cmd_loadURL change
+ (adBmark): cookie is posted
+ (follow_map): cmd_loadURL change
+ (linkMn): cmd_loadURL change
+ (reinit): init_rc change
+ * proto.h (create_option_search_table): deleted
+ (init_rc): no args
+ * rc.c (create_option_search_table): static
+ (init_rc): no args
+ rewrite
+ (optionpanel_src1): rewrite
+ (load_option_panel): html_quote
+ (panel_set_option): no_rc_dir
+ * w3mbookmark.c: rewrite
+ * w3mhelperpanel.c: rewrite
+ * scripts/dirlist.cgi.in: rewrite
+ * scripts/w3mhelp.cgi.in: rewrite
+ * scripts/w3mmail.cgi.in: rewrite
+ * scripts/multipart/multipart.cgi.in: rewrite
+
2003-01-16 Fumitoshi UKAI <ukai@debian.or.jp>
* file.c (loadGopherDir): convertLine RAW_MODE
diff --git a/cookie.c b/cookie.c
@@ -417,7 +417,7 @@ save_cookies(void)
check_expired_cookies();
- if (!First_cookie || is_saved || rc_dir_is_tmp)
+ if (!First_cookie || is_saved || no_rc_dir)
return;
cookie_file = rcFile(COOKIE_FILE);
diff --git a/etc.c b/etc.c
@@ -1503,7 +1503,7 @@ file_to_url(char *file)
}
static char *tmpf_base[MAX_TMPF_TYPE] = {
- "tmp", "src", "frame", "cache"
+ "tmp", "src", "frame", "cache", "cookie",
};
static unsigned int tmpf_seq[MAX_TMPF_TYPE];
@@ -1512,7 +1512,7 @@ tmpfname(int type, char *ext)
{
Str tmpf;
tmpf = Sprintf("%s/w3m%s%d-%d%s",
- rc_dir,
+ tmp_dir,
tmpf_base[type],
CurrentPid, tmpf_seq[type]++, (ext) ? ext : "");
pushText(fileToDelete, tmpf->ptr);
diff --git a/file.c b/file.c
@@ -1550,10 +1550,8 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer,
return NULL;
if (S_ISDIR(st.st_mode)) {
if (UseExternalDirBuffer) {
- Str cmd = Sprintf("%s?cookie=%s&dir=%s#current",
- DirBufferCommand,
- (Str_form_quote(Local_cookie))->ptr,
- pu.file);
+ Str cmd = Sprintf("%s?dir=%s#current",
+ DirBufferCommand, pu.file);
b = loadGeneralFile(cmd->ptr, NULL, NO_REFERER, 0,
NULL);
if (b != NULL && b != NO_BUFFER) {
diff --git a/fm.h b/fm.h
@@ -742,7 +742,8 @@ typedef struct http_request {
#define TMPF_SRC 1
#define TMPF_FRAME 2
#define TMPF_CACHE 3
-#define MAX_TMPF_TYPE 4
+#define TMPF_COOKIE 4
+#define MAX_TMPF_TYPE 5
#define set_no_proxy(domains) (NO_proxy_domains=make_domain_list(domains))
@@ -1017,8 +1018,10 @@ global char UseGraphicChar init(TRUE);
extern char alt_rule[];
#endif /* not KANJI_SYMBOLS */
extern char UseAltEntity;
+global int no_rc_dir init(FALSE);
global char *rc_dir;
-global int rc_dir_is_tmp init(FALSE);
+global char *tmp_dir;
+global char *config_file init(NULL);
#ifdef USE_MOUSE
global int use_mouse init(TRUE);
diff --git a/local.c b/local.c
@@ -23,6 +23,25 @@
#define CGIFN_CONTAIN_SLASH 4
+static char *Local_cookie_file = NULL;
+
+static void
+writeLocalCookie()
+{
+ FILE *f;
+
+ if (no_rc_dir)
+ return;
+ Local_cookie_file = tmpfname(TMPF_COOKIE, NULL)->ptr;
+ set_environ("LOCAL_COOKIE_FILE", Local_cookie_file);
+ f = fopen(Local_cookie_file, "wb");
+ if (!f)
+ return;
+ fwrite(Local_cookie->ptr, sizeof(char), Local_cookie->length, f);
+ fclose(f);
+ chmod(Local_cookie_file, S_IRUSR | S_IWUSR);
+}
+
/* setup cookie for local CGI */
void
setLocalCookie()
@@ -31,7 +50,6 @@ setLocalCookie()
gethostname(hostname, 256);
Local_cookie = Sprintf("%d.%ld@%s", CurrentPid, lrand48(), hostname);
- set_environ("LOCAL_COOKIE", Local_cookie->ptr);
}
Str
@@ -395,6 +413,7 @@ localcgi_post(char *uri, char *qstr, FormList *request, char *referer)
file = cgi_filename(uri, &status);
if (check_local_cgi(file, status) < 0)
return NULL;
+ writeLocalCookie();
tmp1 = tmpfname(TMPF_DFL, NULL);
if ((pid = localcgi_popen_r(&f)) < 0)
return NULL;
@@ -459,6 +478,7 @@ localcgi_get(char *uri, char *request, char *referer)
file = cgi_filename(uri, &status);
if (check_local_cgi(file, status) < 0)
return NULL;
+ writeLocalCookie();
if ((pid = localcgi_popen_r(&f)) < 0)
return NULL;
else if (pid)
diff --git a/main.c b/main.c
@@ -26,8 +26,6 @@ extern int do_getch();
#define DSTR_LEN 256
-static char *config_filename = NULL;
-
Hist *LoadHist;
Hist *SaveHist;
Hist *URLHist;
@@ -71,7 +69,8 @@ JMP_BUF IntReturn;
static void delBuffer(Buffer *buf);
static void cmd_loadfile(char *path);
-static void cmd_loadURL(char *url, ParsedURL *current, char *referer);
+static void cmd_loadURL(char *url, ParsedURL *current, char *referer,
+ FormList *request);
static void cmd_loadBuffer(Buffer *buf, int prop, int linkid);
static void keyPressEventProc(int c);
int show_params_p = 0;
@@ -383,12 +382,7 @@ main(int argc, char **argv, char **envp)
CurrentDir = currentdir();
CurrentPid = (int)getpid();
BookmarkFile = NULL;
- rc_dir = expandName(RC_DIR);
- i = strlen(rc_dir);
- if (i > 1 && rc_dir[i - 1] == '/')
- rc_dir[i - 1] = '\0';
- config_filename = rcFile(CONFIG_FILE);
- create_option_search_table();
+ config_file = NULL;
/* argument search 1 */
for (i = 1; i < argc; i++) {
@@ -397,7 +391,7 @@ main(int argc, char **argv, char **envp)
argv[i] = "-dummy";
if (++i >= argc)
usage();
- config_filename = argv[i];
+ config_file = argv[i];
argv[i] = "-dummy";
}
else if (!strcmp("-h", argv[i]) || !strcmp("-help", argv[i]))
@@ -410,7 +404,7 @@ main(int argc, char **argv, char **envp)
}
/* initializations */
- init_rc(config_filename);
+ init_rc();
LoadHist = newHist();
SaveHist = newHist();
@@ -2007,17 +2001,16 @@ ldhelp(void)
#ifdef USE_HELP_CGI
char *lang;
int n;
+ Str tmp;
lang = AcceptLang;
n = strcspn(lang, ";, \t");
- cmd_loadURL(Sprintf("file:///$LIB/" HELP_CGI CGI_EXTENSION
- "?cookie=%s&version=%s&lang=%s",
- Str_form_quote(Local_cookie)->ptr,
- Str_form_quote(Strnew_charp(w3m_version))->ptr,
- Str_form_quote(Strnew_charp_n(lang, n))->ptr)->ptr,
- NULL, NO_REFERER);
+ tmp = Sprintf("file:///$LIB/" HELP_CGI CGI_EXTENSION "?version=%s&lang=%s",
+ Str_form_quote(Strnew_charp(w3m_version))->ptr,
+ Str_form_quote(Strnew_charp_n(lang, n))->ptr);
+ cmd_loadURL(tmp->ptr, NULL, NO_REFERER, NULL);
#else
- cmd_loadURL(helpFile(HELP_FILE), NULL, NO_REFERER);
+ cmd_loadURL(helpFile(HELP_FILE), NULL, NO_REFERER, NULL);
#endif
}
@@ -3813,7 +3806,7 @@ deletePrevBuf()
}
static void
-cmd_loadURL(char *url, ParsedURL *current, char *referer)
+cmd_loadURL(char *url, ParsedURL *current, char *referer, FormList *request)
{
Buffer *buf;
@@ -3850,7 +3843,7 @@ cmd_loadURL(char *url, ParsedURL *current, char *referer)
#endif /* USE_NNTP */
refresh();
- buf = loadGeneralFile(url, current, referer, 0, NULL);
+ buf = loadGeneralFile(url, current, referer, 0, request);
if (buf == NULL) {
char *emsg = Sprintf("Can't load %s", conv_from_system(url))->ptr;
disp_err_message(emsg, FALSE);
@@ -3925,7 +3918,7 @@ goURL0(char *prompt, int relative)
}
parseURL2(url, &p_url, current);
pushHashHist(URLHist, parsedURL2Str(&p_url)->ptr);
- cmd_loadURL(url, current, referer);
+ cmd_loadURL(url, current, referer, NULL);
if (Currentbuf != cur_buf) /* success */
pushHashHist(URLHist, parsedURL2Str(&Currentbuf->currentURL)->ptr);
}
@@ -3965,7 +3958,7 @@ cmd_loadBuffer(Buffer *buf, int prop, int linkid)
void
ldBmark(void)
{
- cmd_loadURL(BookmarkFile, NULL, NO_REFERER);
+ cmd_loadURL(BookmarkFile, NULL, NO_REFERER, NULL);
}
@@ -3974,15 +3967,19 @@ void
adBmark(void)
{
Str tmp;
+ FormList *request;
- tmp = Sprintf("file://%s/" W3MBOOKMARK_CMDNAME
- "?mode=panel&cookie=%s&bmark=%s&url=%s&title=%s",
- w3m_lib_dir(), (Str_form_quote(Local_cookie))->ptr,
+ tmp = Sprintf("mode=panel&cookie=%s&bmark=%s&url=%s&title=%s",
+ (Str_form_quote(Local_cookie))->ptr,
(Str_form_quote(Strnew_charp(BookmarkFile)))->ptr,
(Str_form_quote(parsedURL2Str(&Currentbuf->currentURL)))->
ptr,
(Str_form_quote(Strnew_charp(Currentbuf->buffername)))->ptr);
- cmd_loadURL(tmp->ptr, NULL, NO_REFERER);
+ request = newFormList(NULL, "post", NULL, NULL, NULL, NULL, NULL);
+ request->body = tmp->ptr;
+ request->length = tmp->length;
+ cmd_loadURL("file:///$LIB/" W3MBOOKMARK_CMDNAME, NULL, NO_REFERER,
+ request);
}
/* option setting */
@@ -4086,7 +4083,7 @@ follow_map(struct parsed_tagarg *arg)
_newT();
buf = Currentbuf;
cmd_loadURL(a->url, baseURL(Currentbuf),
- parsedURL2Str(&Currentbuf->currentURL)->ptr);
+ parsedURL2Str(&Currentbuf->currentURL)->ptr, NULL);
if (buf != Currentbuf)
delBuffer(buf);
else
@@ -4095,7 +4092,7 @@ follow_map(struct parsed_tagarg *arg)
return;
}
cmd_loadURL(a->url, baseURL(Currentbuf),
- parsedURL2Str(&Currentbuf->currentURL)->ptr);
+ parsedURL2Str(&Currentbuf->currentURL)->ptr, NULL);
#endif
}
@@ -4116,7 +4113,7 @@ linkMn(void)
parseURL2(l->url, &p_url, baseURL(Currentbuf));
pushHashHist(URLHist, parsedURL2Str(&p_url)->ptr);
cmd_loadURL(l->url, baseURL(Currentbuf),
- parsedURL2Str(&Currentbuf->currentURL)->ptr);
+ parsedURL2Str(&Currentbuf->currentURL)->ptr, NULL);
}
static void
@@ -5621,7 +5618,7 @@ reinit()
char *resource = searchKeyData();
if (resource == NULL) {
- init_rc(config_filename);
+ init_rc();
sync_with_option();
#ifdef USE_COOKIE
initCookie();
@@ -5631,7 +5628,7 @@ reinit()
}
if (!strcasecmp(resource, "CONFIG") || !strcasecmp(resource, "RC")) {
- init_rc(config_filename);
+ init_rc();
sync_with_option();
displayBuffer(Currentbuf, B_REDRAW_IMAGE);
return;
diff --git a/proto.h b/proto.h
@@ -561,8 +561,7 @@ extern Str decodeMIME(char *orgstr);
extern Str encodeB(char *a);
extern int set_param_option(char *option);
extern char *get_param_option(char *name);
-extern void create_option_search_table();
-extern void init_rc(char *config_filename);
+extern void init_rc(void);
extern Buffer *load_option_panel(void);
extern void panel_set_option(struct parsed_tagarg *);
extern void sync_with_option(void);
diff --git a/rc.c b/rc.c
@@ -847,7 +847,7 @@ compare_table(struct rc_search_table *a, struct rc_search_table *b)
return strcmp(a->param->name, b->param->name);
}
-void
+static void
create_option_search_table()
{
int i, j, k;
@@ -1366,24 +1366,25 @@ sync_with_option(void)
}
void
-init_rc(char *config_filename)
+init_rc(void)
{
+ int i;
struct stat st;
FILE *f;
- char *tmpdir;
- if (((tmpdir = getenv("TMP")) == NULL || *tmpdir == '\0')
- && ((tmpdir = getenv("TEMP")) == NULL || *tmpdir == '\0')
- && ((tmpdir = getenv("TMPDIR")) == NULL || *tmpdir == '\0'))
- tmpdir = "/tmp";
+ if (config_file != NULL)
+ goto open_rc;
+
+ rc_dir = expandName(RC_DIR);
+ i = strlen(rc_dir);
+ if (i > 1 && rc_dir[i - 1] == '/')
+ rc_dir[i - 1] = '\0';
if (stat(rc_dir, &st) < 0) {
if (errno == ENOENT) { /* no directory */
if (do_mkdir(rc_dir, 0700) < 0) {
fprintf(stderr, "Can't create config directory (%s)!", rc_dir);
- rc_dir = tmpdir;
- rc_dir_is_tmp = TRUE;
- return;
+ goto rc_dir_err;
}
else {
stat(rc_dir, &st);
@@ -1391,37 +1392,56 @@ init_rc(char *config_filename)
}
else {
fprintf(stderr, "Can't open config directory (%s)!", rc_dir);
- rc_dir = tmpdir;
- rc_dir_is_tmp = TRUE;
- return;
+ goto rc_dir_err;
}
}
if (!S_ISDIR(st.st_mode)) {
/* not a directory */
fprintf(stderr, "%s is not a directory!", rc_dir);
- rc_dir = tmpdir;
- rc_dir_is_tmp = TRUE;
- return;
+ goto rc_dir_err;
}
+ if (!(st.st_mode & S_IWUSR)) {
+ fprintf(stderr, "%s is not writable!", rc_dir);
+ goto rc_dir_err;
+ }
+ no_rc_dir = FALSE;
+ tmp_dir = rc_dir;
+
+ if (config_file == NULL)
+ config_file = rcFile(CONFIG_FILE);
+
+ create_option_search_table();
+ open_rc:
/* open config file */
if ((f = fopen(etcFile(W3MCONFIG), "rt")) != NULL) {
interpret_rc(f);
fclose(f);
}
- config_file = config_filename;
- if (config_file == NULL)
- config_file = rcFile(CONFIG_FILE);
if ((f = fopen(config_file, "rt")) != NULL) {
interpret_rc(f);
fclose(f);
}
+ return;
+
+ rc_dir_err:
+ no_rc_dir = TRUE;
+ if (((tmp_dir = getenv("TMPDIR")) == NULL || *tmp_dir == '\0') &&
+ ((tmp_dir = getenv("TMP")) == NULL || *tmp_dir == '\0') &&
+ ((tmp_dir = getenv("TEMP")) == NULL || *tmp_dir == '\0'))
+ tmp_dir = "/tmp";
}
static char optionpanel_src1[] =
- "<html><head><title>Option Setting Panel</title></head>\
-<body><center><b>Option Setting Panel</b><br><b>(w3m version %s)</b></center><p>\n" "<a href=\"file:///$LIB/" W3MHELPERPANEL_CMDNAME "?mode=panel&cookie=%s\">%s</a>\n" "<form method=internal action=option>";
+ "<html><head><title>Option Setting Panel</title></head><body>\
+<h1 align=center>Option Setting Panel<br>(w3m version %s)</b></h1>\
+<form method=post action=\"file:///$LIB/" W3MHELPERPANEL_CMDNAME "\">\
+<input type=hidden name=mode value=panel>\
+<input type=hidden name=cookie value=\"%s\">\
+<input type=submit value=\"%s\">\
+</form><br>\
+<form method=internal action=option>";
static Str
to_str(struct param_ptr *p)
@@ -1458,8 +1478,8 @@ to_str(struct param_ptr *p)
Buffer *
load_option_panel(void)
{
- Str src = Sprintf(optionpanel_src1, w3m_version,
- (Str_form_quote(Local_cookie))->ptr, CMT_HELPER);
+ Str src = Sprintf(optionpanel_src1, html_quote(w3m_version),
+ html_quote(Local_cookie->ptr), CMT_HELPER);
struct param_ptr *p;
struct sel_c *s;
int x, i;
@@ -1530,7 +1550,7 @@ panel_set_option(struct parsed_tagarg *arg)
{
FILE *f = NULL;
- if (rc_dir_is_tmp) {
+ if (no_rc_dir) {
disp_message("There's no ~/.w3m directory... config not saved", FALSE);
}
else {
diff --git a/scripts/dirlist.cgi.in b/scripts/dirlist.cgi.in
@@ -33,15 +33,16 @@ $query = $ENV{'QUERY_STRING'};
$dir = '';
$cmd = '';
$cookie = '';
-# $cgi = 0;
-# if ($query eq '') {
-# $_ = `pwd`; # insecure?
-# chop;
-# s/\r$//;
-# $dir = $_;
-# $cgi = 0;
-# } elsif ($query =~ /^(opt\d+|dir|cmd|cookie)=/) {
- foreach(split(/\&/, $query)) {
+$local_cookie = '';
+foreach(split(/\&/, $query)) {
+ if (s/^dir=//) {
+ $dir = &form_decode($_);
+ }
+}
+$body = undef;
+if ($ENV{'REQUEST_METHOD'} eq 'POST') {
+ sysread(STDIN, $body, $ENV{'CONTENT_LENGTH'});
+ foreach(split(/\&/, $body)) {
if (s/^dir=//) {
$dir = &form_decode($_);
} elsif (s/^opt(\d+)=//) {
@@ -52,27 +53,22 @@ $cookie = '';
$cookie = &form_decode($_);
}
}
- if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
- print <<EOF;
+}
+$cookie_file = $ENV{'LOCAL_COOKIE_FILE'};
+if (-f $cookie_file) {
+ open(F, "< $cookie_file");
+ $local_cookie = <F>;
+ close(F);
+}
+if ($local_cookie eq '' || (defined($body) && $cookie ne $local_cookie)) {
+ print <<EOF;
Content-Type: text/plain
Local cookie doesn't match: It may be an illegal execution
EOF
- exit(1);
- }
- $cookie = &html_quote($cookie);
- $cgi = 1;
-# } else {
-# $dir = $query;
-# if (($dir !~ m@^/@) &&
-# ($WIN32 && $dir !~ /^[a-z]:/i)) {
-# $_ = `pwd`; # insecure?
-# chop;
-# s/\r$//;
-# $dir = "$_/$dir";
-# }
-# $cgi = -1;
-# }
+ exit(1);
+}
+$local_cookie = &html_quote($local_cookie);
if ($dir !~ m@/$@) {
$dir .= '/';
}
@@ -88,9 +84,7 @@ if ($WIN32) {
$ROOT = &cygwin_pathconv("$ROOT");
}
}
-if ($cgi) {
- $dir = &cleanup($dir);
-}
+$dir = &cleanup($dir);
$TYPE = $OPT[$OPT_TYPE];
$FORMAT = $OPT[$OPT_FORMAT];
@@ -117,9 +111,6 @@ EOF
exit 1;
}
-# ($cgi > 0) && print <<EOF;
-# w3m-control: DELETE_PREVBUF
-# EOF
print <<EOF;
Content-Type: text/html
@@ -404,9 +395,9 @@ sub print_form {
local($_, @vs, @os, $v, $o);
print <<EOF;
-<form action=\"$CGI\">
+<form method=post action=\"$CGI#current\">
<center>
-<table>
+<table cellpadding=0>
<tr valign=top>
EOF
foreach(0 .. 2) {
@@ -433,7 +424,7 @@ EOF
</table>
</center>
<input type=hidden name=dir value="$d">
-<input type=hidden name=cookie value="$cookie">
+<input type=hidden name=cookie value="$local_cookie">
</form>
EOF
}
diff --git a/scripts/multipart/multipart.cgi.in b/scripts/multipart/multipart.cgi.in
@@ -28,24 +28,14 @@ if (defined($query)) {
}
$file = &form_decode($v{'file'});
$boundary = &form_decode($v{'boundary'});
- $cookie = &form_decode($v{'cookie'});
- if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
- print <<EOF;
-Content-Type: text/plain
-
-Local cookie doesn't match: It may be an illegal execution
-EOF
- exit(1);
- }
} else {
$file = $ARGV[0];
if (@ARGV >= 2) {
$boundary = $ARGV[1];
}
- $cookie = $ENV{'LOCAL_COOKIE'};
}
-
-open(F, "< $file");
+(-f $file) || exit(1);
+open(F, "< $file") || exit(1);
$end = 0;
$mbody = '';
if (defined($boundary)) {
@@ -131,7 +121,6 @@ if (defined($v{'count'})) {
$qcgi = &html_quote($CGI);
$qfile = &html_quote($file);
$qboundary = &html_quote($boundary);
-$qcookie = &html_quote($cookie);
if ($mbody =~ /\S/) {
$_ = $mbody;
@@ -196,20 +185,16 @@ while(! $end) {
s/\>/\>/g;
print "<pre>\n";
print $_;
- print "\n</pre>\n";
+ print "</pre>\n";
if ($type =~ /name=\"?([^\"]+)\"?/ ||
$dispos =~ /filename=\"?([^\"]+)\"?/) {
$name = $1;
} else {
$name = "Content";
}
- print "<form method=POST action=\"$qcgi?$count\">\n";
- print "<input type=hidden name=file value=\"$qfile\">\n";
- print "<input type=hidden name=boundary value=\"$qboundary\">\n";
- print "<input type=hidden name=cookie value=\"$qcookie\">\n";
- print "<input type=hidden name=count value=\"$count\">\n";
+ print "<form action=\"$qcgi?file=$qfile&boundary=$qboundary&count=$count\">\n";
if ($image) {
- print "<input type=image name=submit src=\"$CGI?file=$qfile&boundary=$qboundary&cookie=$qcookie&count=$count\" alt=\"",
+ print "<input type=image name=submit src=\"$qcgi?file=$qfile&boundary=$qboundary&count=$count\" alt=\"",
&html_quote($name), "\">\n";
} else {
print "<input type=submit name=submit value=\"",
diff --git a/scripts/w3mhelp.cgi.in b/scripts/w3mhelp.cgi.in
@@ -49,18 +49,6 @@ if (defined($ENV{'QUERY_STRING'})) {
$lang = $tlang;
}
}
- if ($ENV{'QUERY_STRING'} =~ /(^|&)cookie=([^&]*)/) {
- $cookie = $2;
- $cookie =~ s/\+|%([0-9A-Fa-f][0-9A-Fa-f])/$& eq '+' ? ' ' : pack('C', hex($1))/ge;
- }
-}
-if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
- print <<EOF;
-Content-Type: text/plain
-
-Local cookie doesn't match: It may be an illegal execution
-EOF
- exit(1);
}
%f = %keyfunc;
@@ -115,9 +103,7 @@ HEADING
$q_version = $version;
$q_version =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge;
-$q_cookie = $cookie;
-$q_cookie =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge;
-$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?cookie=$q_cookie&version=$q_version&lang=";
+$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?version=$q_version&lang=";
# doc:en_English doc-jp:ja_Japanese
for $otherlang (@docdirs) {
diff --git a/scripts/w3mmail.cgi.in b/scripts/w3mmail.cgi.in
@@ -5,11 +5,17 @@ $rcsid = q$Id$;
($prog=$0) =~ s/.*\///;
$query = $ENV{'QUERY_STRING'};
-$local_cookie = $ENV{'LOCAL_COOKIE'};
+$cookie_file = $ENV{'LOCAL_COOKIE_FILE'};
+$local_cookie = '';
$SENDMAIL = '/usr/lib/sendmail';
$SENDMAIL = '/usr/sbin/sendmail' if -x '/usr/sbin/sendmail';
$SENDMAIL_OPT = '-oi -t';
+if (-f $cookie_file) {
+ open(F, "< $cookie_file");
+ $local_cookie = <F>;
+ close(F);
+}
if ($query =~ s/^\w+://) {
$url = $query;
$qurl = &html_quote($url);
@@ -43,8 +49,9 @@ if ($query =~ s/^\w+://) {
print "\r\n";
print "<html><head><title>W3M Mailer: $qurl</title></head>\n";
print "<body><h1>W3M Mailer: $qurl</h1>\n";
- print "<form action='file://$0' method='POST'>\n";
- print "<input type='hidden' name='cookie' value='$local_cookie'>\n";
+ print "<form action=\"file://$0\" method='POST'>\n";
+ $local_cookie = &html_quote($local_cookie);
+ print "<input type='hidden' name='cookie' value=\"$local_cookie\">\n";
print "<table>\n";
foreach $h ('from', 'to', 'cc', 'bcc', 'subject') {
$v = &lang_html_quote($opt{$h});
@@ -52,6 +59,7 @@ if ($query =~ s/^\w+://) {
delete $opt{$h};
}
if ($boundary) {
+ $boundary = &html_quote($boundary);
print "<tr><td>Content-Type:<td>multipart/form-data; boundary=\"$boundary\"\n";
print "<input type='hidden' name='boundary' value=\"$boundary\">\n";
}
@@ -98,8 +106,9 @@ if ($query =~ s/^\w+://) {
print "<html><head><title>W3M Mailer</title></head>\n";
print "<body>\n";
print "<h1>W3M Mailer: preview</h1>\n";
- print "<form action='$0' method='POST'>\n";
- print "<input type='hidden' name='cookie' value='$local_cookie'>\n";
+ print "<form action=\"file://$0\" method='POST'>\n";
+ $local_cookie = &html_quote($local_cookie);
+ print "<input type='hidden' name='cookie' value=\"$local_cookie\">\n";
print "<hr>\n";
print "<pre>\n";
foreach $h (keys %opt) {
@@ -112,13 +121,15 @@ if ($query =~ s/^\w+://) {
($cs,$cte,$body) = &lang_body(&lang_html_quote($body), 0);
print "Mime-Version: 1.0\n";
if ($boundary) {
+ $boundary = &html_quote($boundary);
print "Content-Type: multipart/form-data;\n";
print " boundary=\"$boundary\"\n";
} else {
print "Content-Type: text/plain; charset=$cs\n";
}
# print "Content-Transfer-Encoding: $cte\n";
- print "User-Agent: $ENV{'SERVER_SOFTWARE'} $prog/$id\n";
+ print "User-Agent: ", &html_quote("$ENV{'SERVER_SOFTWARE'} $prog/$id"),
+ "\n";
print "\n";
print $body;
print "\n" if ($body !~ /\n$/);
@@ -137,10 +148,10 @@ if ($query =~ s/^\w+://) {
foreach $h (keys %opt) {
$qh = &html_quote($h);
print "<tr><td>\u$qh:<td>$v{$h}\n";
- print "<input type='hidden' name=\"$qh\" value=\"$v\">\n";
+ print "<input type='hidden' name=\"$qh\" value=\"$v{$h}\">\n";
}
print "<tr><td colspan=2>\n";
- print "<textarea cols=40 rows=10 name='body'>\n";
+ print "<textarea cols=40 rows=10 name=body>\n";
if ($body) {
print $body;
}
@@ -158,7 +169,7 @@ if ($query =~ s/^\w+://) {
print "\r\n";
print "<html><head><title>W3M Mailer</title></head>\n";
print "<body><h1>W3M Mailer: open sendmail failed</h1>\n";
- print "<p>$@</p>\n";
+ print "<p>", &html_quote($@), "</p>\n";
print "</body></html>\n";
exit(0);
}
@@ -189,7 +200,7 @@ if ($query =~ s/^\w+://) {
print "\r\n";
print "<html><head><title>W3M Mailer</title></head>\n";
print "<body><h1>W3M Mailer: close sendmail failed</h1>\n";
- print "<p>$@</p>\n";
+ print "<p>", &html_quote($@), "</p>\n";
print "</body></html>\n";
}
}
diff --git a/w3mbookmark.c b/w3mbookmark.c
@@ -1,7 +1,5 @@
/* $Id$ */
-#ifdef __EMX__
#include <stdlib.h>
-#endif
#include <stdio.h>
#include "config.h"
#include "Str.h"
@@ -10,46 +8,47 @@
#include "parsetag.h"
#if LANG == JA
-static char *bkmark_src1 = "<html><head><title>Bookmark Registration</title>\n\
-<body><h1>ブックマークの登録</h1>\n\n" "<form method=get action=\"file://%s/" W3MBOOKMARK_CMDNAME "\">\n\n" "<input type=hidden name=mode value=register>\n\
-<input type=hidden name=bmark value=\"%s\">\n\
-<table cellpadding=0>\n";
+#define BKMARK_TITLE "ブックマークの登録"
+#define BKMARK_ADD "登録"
+#define DEFAULT_SECTION "未分類"
+#else
+#define BKMARK_TITLE "Register to my bookmark"
+#define BKMARK_ADD "ADD"
+#define DEFAULT_SECTION "Miscellaneous"
+#endif
-static char *bkmark_src2 =
- "<tr><td>New Section:</td><td><input type=text name=newsection width=60></td></tr>\n\
-<tr><td>URL:</td><td><input type=text name=url value=\"%s\" width=60></td></tr>\n\
-<tr><td>Title:</td><td><input type=text name=title value=\"%s\" width=60></td></tr>\n\
-<tr><td><input type=submit name=submit value=\"登録\"></td>\n\
-</table>\n\
-<input type=hidden name=cookie value=\"%s\">\
-</form>\
-</body></html>\n";
-static char *default_section = "未分類";
-#else /* LANG != JA */
-static char *bkmark_src1 = "<html><head><title>Bookmark Registration</title>\n\
-<body><h1>Register to my bookmark</h1>\n\n" "<form method=get action=\"file://%s/" W3MBOOKMARK_CMDNAME "\">\n\n" "<input type=hidden name=mode value=register>\n\
+static char *bkmark_src1 =
+ "<html>\n\
+<head>\n\
+<title>" BKMARK_TITLE "</title>\n\
+</head>\n\
+<body>\n\
+<h1>" BKMARK_TITLE "</h1>\n\
+<form method=post action=\"file:///$LIB/" W3MBOOKMARK_CMDNAME "\">\n\
+<input type=hidden name=mode value=register>\n\
<input type=hidden name=bmark value=\"%s\">\n\
+<input type=hidden name=cookie value=\"%s\">\n\
<table cellpadding=0>\n";
static char *bkmark_src2 =
- "<tr><td>New Section:</td><td><input type=text name=newsection width=60></td></tr>\n\
-<tr><td>URL:</td><td><input type=text name=url value=\"%s\" width=60></td></tr>\n\
-<tr><td>Title:</td><td><input type=text name=title value=\"%s\" width=60></td></tr>\n\
-<tr><td><input type=submit name=submit value=\"ADD\"></td>\n\
+ "<tr><td>New Section:<td><input type=text name=newsection size=60>\n\
+<tr><td>URL:<td><input type=text name=url value=\"%s\" size=60>\n\
+<tr><td>Title:<td><input type=text name=title value=\"%s\" size=60>\n\
+<tr><td><input type=submit value=\"" BKMARK_ADD "\">\n\
</table>\n\
-<input type=hidden name=cookie value=\"%s\">\
-</form>\
-</body></html>\n";
-static char *default_section = "Miscellaneous";
-#endif /* LANG != JA */
+</form>\n\
+</body>\n\
+</html>\n";
+#undef FALSE
#define FALSE 0
-#define T 1
+#undef TRUE
+#define TRUE 1
static char end_section[] =
"<!--End of section (do not delete this comment)-->\n";
-char *Local_cookie;
+static char *Local_cookie = NULL;
void
print_bookmark_panel(char *bmark, char *url, char *title)
@@ -59,7 +58,7 @@ print_bookmark_panel(char *bmark, char *url, char *title)
char *p;
printf("Content-Type: text/html\n\n");
- printf(bkmark_src1, w3m_lib_dir(), bmark);
+ printf(bkmark_src1, html_quote(bmark), html_quote(Local_cookie));
if ((f = fopen(bmark, "r")) != NULL) {
printf("<tr><td>Section:<td><select name=\"section\">\n");
while (tmp = Strfgets(f), tmp->length > 0) {
@@ -69,13 +68,13 @@ print_bookmark_panel(char *bmark, char *url, char *title)
tmp2 = Strnew();
while (*p && *p != '<')
Strcat_char(tmp2, *p++);
- printf("<option value=\"%s\">%s</option>", tmp2->ptr,
+ printf("<option value=\"%s\">%s\n", tmp2->ptr,
tmp2->ptr);
}
}
printf("</select>\n");
}
- printf(bkmark_src2, html_quote(url), html_quote(title), Local_cookie);
+ printf(bkmark_src2, html_quote(url), html_quote(title));
}
/* create new bookmark */
@@ -117,7 +116,7 @@ insert_bookmark(char *bmark, struct parsed_tagarg *data)
if (section == NULL || *section == '\0')
section = tag_get_value(data, "section");
if (section == NULL || *section == '\0')
- section = default_section;
+ section = DEFAULT_SECTION;
if (url == NULL || *url == '\0' || title == NULL || *title == '\0') {
/* Bookmark not added */
@@ -175,7 +174,9 @@ int
main(int argc, char *argv[], char **envp)
{
extern char *getenv();
- char *qs;
+ char *p;
+ int length;
+ Str qs = NULL;
struct parsed_tagarg *cgiarg;
char *mode;
char *bmark;
@@ -183,21 +184,33 @@ main(int argc, char *argv[], char **envp)
char *title;
char *sent_cookie;
- if ((qs = getenv("QUERY_STRING")) == NULL) {
- printf("Content-Type: text/plain\n\n");
- printf("Incomplete Request: no QUERY_STRING\n");
- exit(1);
+ p = getenv("REQUEST_METHOD");
+ if (p == NULL || strcasecmp(p, "post"))
+ goto request_err;
+ p = getenv("CONTENT_LENGTH");
+ if (p == NULL || (length = atoi(p)) <= 0)
+ goto request_err;
+
+ qs = Strfgets(stdin);
+ Strchop(qs);
+ if (qs->length != length)
+ goto request_err;
+ cgiarg = cgistr2tagarg(qs->ptr);
+
+ p = getenv("LOCAL_COOKIE_FILE");
+ if (p) {
+ FILE *f = fopen(p, "r");
+ if (f) {
+ Local_cookie = Strfgets(f)->ptr;
+ fclose(f);
+ }
}
-
- cgiarg = cgistr2tagarg(qs);
-
- Local_cookie = getenv("LOCAL_COOKIE");
sent_cookie = tag_get_value(cgiarg, "cookie");
if (sent_cookie == NULL || Local_cookie == NULL ||
strcmp(sent_cookie, Local_cookie) != 0) {
/* local cookie doesn't match: It may be an illegal invocation */
- printf("Content-Type: text/plain\n");
- printf("\nLocal cookie doesn't match: It may be an illegal invocation\n");
+ printf("Content-Type: text/plain\n\n");
+ printf("Local cookie doesn't match: It may be an illegal invocation\n");
exit(1);
}
@@ -205,12 +218,8 @@ main(int argc, char *argv[], char **envp)
bmark = expandPath(tag_get_value(cgiarg, "bmark"));
url = tag_get_value(cgiarg, "url");
title = tag_get_value(cgiarg, "title");
- if (bmark == NULL || url == NULL) {
- /* incomplete request */
- printf("Content-Type: text/plain\n\n");
- printf("Incomplete Request: QUERY_STRING=%s\n", qs);
- exit(1);
- }
+ if (bmark == NULL || url == NULL)
+ goto request_err;
if (mode && !strcmp(mode, "panel")) {
if (title == NULL)
title = "";
@@ -220,8 +229,14 @@ main(int argc, char *argv[], char **envp)
printf("Content-Type: text/plain\n");
if (insert_bookmark(bmark, cgiarg)) {
printf("w3m-control: BACK\n");
- printf("w3m-control: BACK\n\n");
+ printf("w3m-control: BACK\n");
}
+ printf("\n");
}
return 0;
+
+ request_err:
+ printf("Content-Type: text/plain\n\n");
+ printf("Incomplete Request: %s\n", qs ? qs->ptr : "(null)");
+ exit(1);
}
diff --git a/w3mhelperpanel.c b/w3mhelperpanel.c
@@ -2,6 +2,7 @@
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
+#include <string.h>
#include "config.h"
#include "Str.h"
#include "indep.h"
@@ -18,7 +19,7 @@
#define MSG_DELETE "削除"
#define MSG_DOIT "実行"
#else /* LANG != JA */
-#define MSG_TITLE "External Viewers"
+#define MSG_TITLE "External Viewers Setup"
#define MSG_NEW_ENTRY "New Entry"
#define MSG_TYPE "Type"
#define MSG_COMMAND "Command"
@@ -81,32 +82,33 @@ printMailcapPanel(char *mailcap)
}
}
printf("Content-Type: text/html\n\n");
- printf
- ("<html><head><title>External Viewer Setup</title></head><body><h1>%s</h1>\n",
- MSG_TITLE);
- printf("<form method=get action=\"file:///$LIB/" W3MHELPERPANEL_CMDNAME
+ printf("<html>\n<head>\n<title>%s</title>\n</head>\n<body>\n<h1>%s</h1>\n",
+ MSG_TITLE, MSG_TITLE);
+ printf("<form method=post action=\"file:///$LIB/" W3MHELPERPANEL_CMDNAME
"\">\n");
printf("<input type=hidden name=mode value=edit>\n");
- printf("<input type=hidden name=cookie value=\"%s\">\n", local_cookie);
- printf
- ("%s: %s=<input type=text name=newtype><br>%s=<input type=text name=newcmd><br><input type=submit name=submit value=\"%s\">\n",
- MSG_NEW_ENTRY, MSG_TYPE, MSG_COMMAND, MSG_REGISTER);
- printf
- ("<p><hr width=50%%><p><table border='0' cellpadding='0'><tr><th> <th><b>%s</b><th><b>%s</b>\n",
- MSG_TYPE, MSG_COMMAND);
+ printf("<input type=hidden name=cookie value=\"%s\">\n",
+ html_quote(local_cookie));
+ printf("<table>\n<tr><td>%s:<td>%s=<input type=text name=newtype size=40>\n\
+<tr><td><td>%s=<input type=text name=newcmd size=40>\n\
+<tr><td><input type=submit name=submit value=\"%s\">\n</table>\n",
+ MSG_NEW_ENTRY, MSG_TYPE, MSG_COMMAND, MSG_REGISTER);
+ printf("<p><hr width=50%%><p>\n<table border='0' cellpadding='0'>\n\
+<tr><th align=left><b>%s</b><th><b>%s</b>\n",
+ MSG_TYPE, MSG_COMMAND);
while (tmp = Strfgets(f), tmp->length > 0) {
if (tmp->ptr[0] == '#')
continue;
Strchop(tmp);
extractMailcapEntry(tmp->ptr, &type, &viewer);
- printf("<tr valign=top><td><td>%s<td>%s<td>", html_quote(type),
+ printf("<tr valign=top><td>%s<td>%s<td nowrap>", html_quote(type),
html_quote(viewer));
printf("<input type=checkbox name=delete value=\"%s\">%s\n",
html_quote(type), MSG_DELETE);
}
- printf
- ("</table><input type=submit name=submit value=\"%s\"></form></body></html>\n",
- MSG_DOIT);
+ printf("</table>\n<input type=submit name=submit value=\"%s\">\n</form>\n\
+</body>\n</html>\n",
+ MSG_DOIT);
}
void
@@ -159,17 +161,34 @@ main(int argc, char *argv[], char **envp)
{
Str mailcapfile;
extern char *getenv();
- char *qs;
+ char *p;
+ int length;
+ Str qs = NULL;
struct parsed_tagarg *cgiarg;
char *mode;
char *sent_cookie;
- if ((qs = getenv("QUERY_STRING")) == NULL)
- exit(1);
-
- cgiarg = cgistr2tagarg(qs);
-
- local_cookie = getenv("LOCAL_COOKIE");
+ p = getenv("REQUEST_METHOD");
+ if (p == NULL || strcasecmp(p, "post"))
+ goto request_err;
+ p = getenv("CONTENT_LENGTH");
+ if (p == NULL || (length = atoi(p)) <= 0)
+ goto request_err;
+
+ qs = Strfgets(stdin);
+ Strchop(qs);
+ if (qs->length != length)
+ goto request_err;
+ cgiarg = cgistr2tagarg(qs->ptr);
+
+ p = getenv("LOCAL_COOKIE_FILE");
+ if (p) {
+ FILE *f = fopen(p, "r");
+ if (f) {
+ local_cookie = Strfgets(f)->ptr;
+ fclose(f);
+ }
+ }
sent_cookie = tag_get_value(cgiarg, "cookie");
if (local_cookie == NULL || sent_cookie == NULL ||
strcmp(local_cookie, sent_cookie) != 0) {
@@ -178,8 +197,7 @@ main(int argc, char *argv[], char **envp)
}
mode = tag_get_value(cgiarg, "mode");
- mailcapfile = Strnew_charp(expandPath(RC_DIR));
- Strcat_charp(mailcapfile, "/mailcap");
+ mailcapfile = Strnew_charp(expandPath(USER_MAILCAP));
if (mode && !strcmp(mode, "edit")) {
char *referer;
/* check if I can edit my mailcap */
@@ -198,4 +216,8 @@ main(int argc, char *argv[], char **envp)
printMailcapPanel(mailcapfile->ptr);
}
return 0;
+
+ request_err:
+ bye("Incomplete Request:", qs ? qs->ptr : "(null)");
+ exit(1);
}